"Lots is written on what to do to avoid being hacked, what is
the recommended procedure after an attempted or successful attack?
If you have an IP address, for example, do you try and contact the
hacker directly, do you report it to some type of authority,
etc?"

"I have a linux machine at home that's connected to both the
Internet and my local network. It also has a printer installed, so
lpd is running. Obviously I want only the internal network to "see"
lpd. I could add a firewall rule to block external access to the
printer (and I have), but a firewall is easy to take down by
accident, leaving everything listening on the external interface
open to attack. All other services I'm running offer the option to
bind to only one network interface (the internal one),
automatically hiding them from the Internet, even without any
firewall rulesets applied."

"How do I make lpd only bind to the internal interface, instead
of to all interfaces?"